CWE-470 flaws

47 results
CVE-2023-32217 | CRITICAL | SailPoint IdentityIQ Unsafe use of Reflection Vulnerability | EPSS 0.6%
CVE-2024-8014 | HIGH | Telerik Reporting EntityDataSource Insecure Type Resolution | EPSS 0.6%
CVE-2025-34393 | CRITICAL | Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE | EPSS 0.6%
CVE-2026-8178 | CRITICAL | Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver | EPSS 0.6%
CVE-2024-7059 | HIGH | A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Secu | EPSS 0.5%
CVE-2026-34216 | MEDIUM | CtrlPanel: Authenticated Remote Code Execution via Dynamic Class Instantiation in SettingsController.php | EPSS 0.5%
CVE-2024-22258 | MEDIUM | CVE-2024-22258: PKCE Downgrade in Spring Authorization Server | EPSS 0.5%
CVE-2026-32264 | HIGH | Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController | EPSS 0.5%
CVE-2026-32263 | HIGH | Craft CMS vulnerable to behavior injection RCE via EntryTypesController | EPSS 0.5%
CVE-2024-53850 | HIGH | The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation | EPSS 0.5%
CVE-2026-46718 | MEDIUM | Apache Calcite: A user-controlled model can load arbitrary classes, leading to code execution | EPSS 0.4%
CVE-2025-31119 | HIGH | CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework | EPSS 0.4%
CVE-2025-2794 | HIGH | Kentico Xperience <= 13.0.180 Unsafe Reflection | EPSS 0.4%
CVE-2025-61925 | MEDIUM | Astro's `X-Forwarded-Host` is reflected with no validation | EPSS 0.4%
CVE-2025-12967 | HIGH | An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticate | EPSS 0.4%
CVE-2026-44339 | HIGH | PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute | EPSS 0.4%
CVE-2026-41175 | HIGH | Statamic: Unsafe method invocation via query value resolution allows data destruction | EPSS 0.3%
CVE-2026-23923 | MEDIUM | Unauthenticated arbitrary PHP class instantiation | EPSS 0.3%
CVE-2026-48517 | MEDIUM | MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments | EPSS 0.3%
CVE-2026-49287 | HIGH | Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction | EPSS 0.3%